Emily
71bbd876b7
nixos/hardened: don't set kernel.unprivileged_bpf_disabled
...
Upstreamed in anthraxx/linux-hardened@1a3e0c2830 .
2020-04-17 16:13:39 +01:00
Emily
9da578a78f
nixos/hardened: don't set kernel.dmesg_restrict
...
Upstreamed in anthraxx/linux-hardened@e3d3f13ffb .
2020-04-17 16:13:39 +01:00
Emily
cf1bce6a7a
nixos/hardened: don't set vsyscall=none
...
Upstreamed in anthraxx/linux-hardened@d300b0fdad .
2020-04-17 16:13:39 +01:00
Emily
3b32cd2a5b
nixos/hardened: don't set slab_nomerge
...
Upstreamed in anthraxx/linux-hardened@df29f9248c .
2020-04-17 16:13:39 +01:00
Euan Kemp
bc138f407f
nixos/k3s: add initial k3s service
...
* nixos/k3s: simplify config expression
* nixos/k3s: add config assertions and trim unneeded bits
* nixos/k3s: add a test that k3s works; minor module improvements
This is a single-node test. Eventually we should also have a multi-node
test to verify the agent bit works, but that one's more involved.
* nixos/k3s: add option description
* nixos/k3s: add defaults for token/serveraddr
Now that the assertion enforces their presence, we dont' need to use the typesystem for it.
* nixos/k3s: remove unneeded sudo in test
* nixos/k3s: add to test list
2020-04-17 16:39:54 +02:00
adisbladis
5340ebe085
mopidy: Create a mopidyPackages set
...
This is to avoid mixing python versions in the same plugin closure.
2020-04-17 12:39:03 +01:00
Maximilian Bosch
ab0a10b39b
Merge pull request #85341 from Ma27/bump-hydra
...
hydra: 2020-04-07 -> 2020-04-16
2020-04-16 21:48:45 +02:00
Yegor Timoshenko
8262ecd369
Merge pull request #85004 from emilazy/add-initrd-secrets-path-assertion
...
nixos/stage-1: check secret paths before copying
2020-04-16 17:42:40 +03:00
worldofpeace
b61999e4ad
Merge pull request #85332 from arianvp/revert-acme
...
Revert "nixos/acme: Fix allowKeysForGroup not applying immediately"
2020-04-16 08:43:36 -04:00
Maximilian Bosch
74d6e86ec2
nixos/doc: fix database-setup example for matrix-synapse
...
Closes #85327
2020-04-16 11:38:15 +02:00
Arian van Putten
5c1c642939
Revert "nixos/acme: Fix allowKeysForGroup not applying immediately"
...
This reverts commit 5532065d06
.
As far as I can tell setting RemainAfterExit=true here completely breaks
certificate renewal, which is really bad!
the sytemd timer will activate the service unit every OnCalendar=,
however with RemainAfterExit=true the service is already active! So the
timer doesn't rerun the service!
The commit also broke the actual tests, (As it broke activation too)
but this was fixed later in https://github.com/NixOS/nixpkgs/pull/76052
I wrongly assumed that PR fixed renewal too, which it didn't!
testing renewals is hard, as we need to sleep in tests.
2020-04-16 10:37:04 +02:00
Maximilian Bosch
5e124e5abd
nixos/tests: fix inclusion of hydra test
2020-04-16 02:17:25 +02:00
Maximilian Bosch
2d55f9c01a
Merge pull request #84266 from Ma27/nspawn-overrides
...
nixos/systemd-nspawn: disallow multiple packages with `.nspawn`-units
2020-04-16 00:24:33 +02:00
Maximilian Bosch
70ecf83c33
Merge pull request #82339 from Ma27/captive-browser-xdg
...
nixos/captive-browser: set chromium's data-dir to a XDG-compliant location
2020-04-16 00:06:12 +02:00
Florian Klink
7835641e77
Merge pull request #85252 from flokli/nixos-flannel-fix
...
nixosTests.flannel: port to python, unbreak
2020-04-15 20:01:13 +02:00
Maximilian Bosch
dca0b71876
Merge pull request #85162 from Ma27/build-vms-file-loc
...
nixos/build-vms: propagate file location
2020-04-15 17:42:12 +02:00
Michele Guerini Rocco
da232ea497
Merge pull request #78129 from flyfloh/airsonic-vhost
...
airsonic: fix virtualHost option
2020-04-15 09:18:28 +02:00
Florian Klink
28ef43824b
nixosTests.flannel: port to python, unbreak
...
For reasons yet unknown, the vxlan backend doesn't work (at least inside
the qemu networking), so this is moved to the udp backend.
Note changing the backend apparently also changes the interface name,
it's now `flannel0`, not `flannel.1`
fixes #74941
2020-04-14 23:56:42 +02:00
Matthew Bauer
57e20c5d87
Merge pull request #83362 from bachp/boinc
...
nixos/boinc: simplify setup of boinc service
2020-04-14 15:55:54 -04:00
Maximilian Bosch
57087ea280
Merge pull request #85165 from mayflower/alertmanager-clustering
...
prometheus/alertmanager: implement HA clustering support
2020-04-14 16:13:34 +02:00
worldofpeace
6304c9af48
Merge pull request #85222 from mayflower/libinput-manual-ref
...
nixos/libinput: refer to libinput manual
2020-04-14 09:42:55 -04:00
worldofpeace
e4c5e68fca
Merge pull request #84255 from prikhi/lightdm-mini-greeter-040
...
lightdm-mini-greeter: 0.3.4 -> 0.4.0
2020-04-14 08:38:23 -04:00
Linus Heckemann
9953a26be1
nixos/libinput: refer to libinput manual
2020-04-14 14:31:49 +02:00
Sander van der Burg
0ffb720e8c
nixos/dysnomia: fix documentRoot property
2020-04-14 14:31:13 +02:00
Michele Guerini Rocco
86d71ddbed
Merge pull request #85170 from flokli/networking-virtual
...
nixos/networking: fix setting MAC Address and MTU in networkd, fix tests
2020-04-14 14:20:49 +02:00
Jörg Thalheim
fd438d5f09
Merge pull request #85185 from m1cr0man/legoaccounts
...
acme: share accounts between certificates
2020-04-14 13:12:57 +01:00
worldofpeace
57b862bb53
Merge pull request #85125 from iblech/patch-iodine-test
...
iodine: improve test in view of #58806
2020-04-14 08:03:23 -04:00
Jaka Hudoklin
de6891ffd0
Merge pull request #83930 from xtruder/nixos/virtualisation/hyperv-image
...
modules/virtualisation: add hyperv-image
2020-04-14 03:27:22 +00:00
Lucas Savva
827d5e6b44
acme: share accounts between certificates
...
There are strict rate limits on account creation for Let's Encrypt
certificates. It is important to reuse credentails when possible.
2020-04-14 00:15:16 +01:00
Florian Klink
d1edd8b2f6
nixosTests.networking: test setting MTU and MAC Address
...
Both the scripted and networkd backend now support setting MTU and MAC
Address, so do this in a test to ensure it doesn't break.
2020-04-13 22:03:35 +02:00
Florian Klink
5150378c2f
nixosTests.networking.virtual: fix with networkd
...
We only need to wait for network.target to get up, and the
network-addresses-${interfaceName} units are scripted networking only.
2020-04-13 22:03:35 +02:00
Florian Klink
1e1945319c
nixosTests.networking: make routing table comparison more reliable
...
This was whitespace-sensitive, kept fighting with my editor and broke
the tests easily. To fix this, let python convert the output to
individual lines, and strip whitespace from them before comparing.
2020-04-13 22:03:35 +02:00
Florian Klink
532528190b
nixos/networking: move network-link-${i.name} to scripted networking
...
The unit sets MTU and MAC Address even with networkd enabled, which
isn't necessary anymore, as networkd handles this by itself.
2020-04-13 22:03:35 +02:00
Florian Klink
ca391c8a4f
nixos/networking: add assertion catching setting mac addresses on tun devices
...
Setting a MAC Address on a tun interface isn't supported, and invoking
the corresponding command fails.
2020-04-13 22:03:35 +02:00
Florian Klink
cddc7a28b8
nixos/networking: fix setting .macAddress and .mtu with networkd
...
This needs to be set in the .linkConfig of a .network
2020-04-13 22:03:35 +02:00
Robin Gloster
e484ca3d9b
alertmanager: implement HA clustering support
2020-04-13 18:39:51 +02:00
Jörg Thalheim
4c3f1d321a
Merge pull request #76723 from jokogr/u/traefik-2.1.1
...
Traefik: 1.7.14 -> 2.2.0
2020-04-13 17:16:54 +01:00
Maximilian Bosch
ec6bac99cc
nixos/build-vms: propagate file location
...
When trying to build a VM using `nixos-build-vms` with a configuration
that doesn't evaluate, an error "at `<unknown-file>`" is usually shown.
This happens since the `build-vms.nix` creates a VM-network of
NixOS-configurations that are attr-sets or functions and don't contain
any file information. This patch manually adds the `_file`-attribute to
tell the module-system which file contained broken configuration:
```
$ cat vm.nix
{ vm.invalid-option = 1; }
$ nixos-build-vms vm.nix
error: The option `invalid-option' defined in `/home/ma27/Projects/nixpkgs/vm.nix@node-vm' does not exist.
(use '--show-trace' to show detailed location information)
```
2020-04-13 17:50:13 +02:00
Mario Rodas
66e43c6588
Merge pull request #84599 from doronbehar/nodejs-python3
...
nodejs: use python3 if possible
2020-04-13 07:44:05 -05:00
Maximilian Bosch
1bf1ae3966
Merge pull request #85092 from mayflower/prometheus-local-config-gen
...
prometheus: use runCommandNoCCLocal for config gen
2020-04-13 11:03:16 +02:00
Ingo Blechschmidt
f379e74f1e
iodine: improve test in view of #58806
2020-04-13 06:22:27 +02:00
Ioannis Koutras
9360e3723d
nixos/traefik: add test
2020-04-12 22:50:36 +02:00
Ioannis Koutras
1f61fbf326
nixos/traefik: make config deep mergeable
2020-04-12 22:50:36 +02:00
Ioannis Koutras
bc766b003a
nixos/traefik: Adapt to traefik v2
...
This commit:
1. Updates the path of the traefik package, so that the out output is
used.
2. Adapts the configuration settings and options to Traefik v2.
3. Formats the NixOS traefik service using nixfmt.
2020-04-12 22:50:36 +02:00
John Ericson
923dc61c9b
Merge pull request #85085 from Ericson2314/document-haskell-env-changes
...
nixos/doc: Document breaking change to Haskell dev shells
2020-04-12 16:33:53 -04:00
Robin Gloster
0e040d16e8
prometheus: use runCommandNoCCLocal for config gen
2020-04-12 20:13:23 +02:00
John Ericson
8594285c25
nixos/doc: Document breaking change to Haskell dev shells
2020-04-12 11:58:05 -04:00
Graham Christensen
56c8b7eeda
Merge pull request #84946 from bqv/nftables
...
nixos/nftables: fix typo in ruleset example
2020-04-12 09:38:55 -04:00
Graham Christensen
35d8514a91
Merge pull request #81848 from grahamc/nested-specialisation
...
specialisation: replace nesting with named configurations
2020-04-12 08:56:11 -04:00
Graham Christensen
ec2d28e323
specialisation: replace nesting with named configurations
...
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2020-04-12 08:12:50 -04:00